01-16-2012 06:33 AM
Hello,
On a Windows 2008 R2 domain controller running as a VM under Hyper-V I see the following informational event in the Application Log: "lsass (496) A database location change was detected from 'C:\windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Active Directory\NTDS\ntds.dit'."
I was hoping someone could tell me why I received this message and if it is of any concern? This message was recorded while performing a backup of the VM using Backup Exec 2010 R3 with the Hyper-V Agent installed on the host machine and the remote Windows agent installed inside the guest machine.
I have used ntdsutil to confirm that my database and log files are still where I installed them (C:\Windows\NTDS). Does the database get moved temporarily when a backup is performed?
I also posted this on MS Technet forum and was advised to make sure Backup Exec uses the NTDS VSS writer. Any other writer, I was informed, could leave the database in a dirty state.
Can someone confirm if Backup Exec does indeed use the proper VSS writer and if the informational message I am receiving about the database changing location is problematic?
Thank you!
01-16-2012 10:04 AM
Do you have shadow copies enabled on the server? Does the event only occur during the backup, or is there any other instance where this error is logged?
01-18-2012 10:20 AM
Yes, it was only during a backup with Backup Exec. Can anyone confirm if this is normal behavior?
01-18-2012 08:12 PM
Well, the message is not problematic at all; as you can see, the location where the AD database file is moved is for the shadow copies.
02-17-2012 01:02 PM
This is very normal and it is not problematic.
Every time the backup runs, the shadow copy makes it to a temp location, and it is cleared off after the backup completes or after a reboot.
Try: VSSADMIN LIST SHADOWS
c:\>vssadmin list shadows
vssadmin 1.0 - Volume Shadow Copy Service administrative command-line tool
(C) Copyright 2001 Microsoft Corp.
No shadow copies present in the system..
Try the same when the backup job runs; you will find some shadow copy sets, but they might not look helpful. You can also see the devices by running, say, "VSHADOW -q", which enumerates them directly through the VSS API.
Also, if you would like to assign a drive letter to these shadow copies, you can use DOSDEV.EXE.
E.g.:
c:\>dosdev z: \\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5
and then try the dir to find the content.
Hope this helps!
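
The second reply asks whether the event is logged only during backups. The following Python is an added example, not part of the thread and not Backup Exec or Microsoft code; it runs that check over exported Application log lines. The tab-separated export format, the sample lines and the backup window are constructed assumptions.

```python
import re
from datetime import datetime

# Matches the message text quoted in the first post of the thread.
EVENT_RE = re.compile(
    r"A database location change was detected from '(?P<src>[^']+)' "
    r"to '(?P<dst>[^']+)'"
)
# Shadow copy device number inside the new database location.
SHADOW_RE = re.compile(r"\\Device\\HarddiskVolumeShadowCopy(\d+)\\", re.IGNORECASE)
TS_FORMAT = "%Y-%m-%d %H:%M:%S"  # assumed timestamp format of the export

def parse_events(lines):
    """Yield (timestamp, shadow_copy_number, source_path) for matching lines."""
    for line in lines:
        ts_text, _, message = line.partition("\t")
        m = EVENT_RE.search(message)
        shadow = SHADOW_RE.search(m.group("dst")) if m else None
        if shadow:
            yield (datetime.strptime(ts_text, TS_FORMAT),
                   int(shadow.group(1)), m.group("src"))

def events_outside_backup(lines, backup_windows):
    """Return events whose timestamp falls in none of the (start, end) windows."""
    windows = [(datetime.strptime(s, TS_FORMAT), datetime.strptime(e, TS_FORMAT))
               for s, e in backup_windows]
    return [ev for ev in parse_events(lines)
            if not any(start <= ev[0] <= end for start, end in windows)]

# Constructed sample input: "timestamp<TAB>message", one event per line.
SAMPLE_LINES = [
    "2012-01-15 23:05:12\tlsass (496) A database location change was detected from "
    r"'C:\windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy5\Active Directory\NTDS\ntds.dit'.",
    "2012-01-16 14:20:03\tlsass (496) A database location change was detected from "
    r"'C:\windows\NTDS\ntds.dit' to '\\?\GLOBALROOT\Device\HarddiskVolumeShadowCopy9\Windows\NTDS\ntds.dit'.",
    "2012-01-16 14:25:00\tThe backup agent service started.",  # unrelated event
]
# Constructed backup job window (start, end), e.g. taken from the job history.
SAMPLE_WINDOWS = [("2012-01-15 23:00:00", "2012-01-16 01:30:00")]

if __name__ == "__main__":
    for ts, shadow_no, src in events_outside_backup(SAMPLE_LINES, SAMPLE_WINDOWS):
        print(f"{ts}: {src} opened from shadow copy {shadow_no} outside a backup window")
```

An event that falls outside every backup window is the case the second reply asks about; `vssadmin list shadows` at that time shows which shadow copy set the device number belongs to.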